Creating an Application Load Balancer

(Optional) This topic describes how to set up an Application Load Balancer, which distributes incoming traffic to ensure high availability and reliability for your applications. 

Related topic

Deploying-BMC-AMI-AI-Services-on-Amazon-Web-Services

To create and import a TLS certificate into AWS Certificate Manager

To deploy BMC AMI AI Services on AWS Cloud, you must create and import a TLS certificate into AWS Certificate Manager to establish secure, encrypted connections for your applications.

  1. If you already have a certificate authority (CA), you can reuse it for this deployment process. Otherwise, you or your internal IT security team must create a self-signed CA. Create the certificate for the domain hosting BMC AMI AI Services. Then store the certificate in a safe place to upload to the AWS Application Load Balancer, as described in .

  2. Create or acquire (from a CA) a certificate to extract the certificate_chain.pem, privatekey.pem, and server_certificate.pem files by running the following commands in your terminal:

    openssl pkcs12 -in <your certificate name.pfx> -clcerts -nokeys -out server_certificate.pem -legacy
    openssl pkcs12 -in <your certificate name.pfx> -cacerts -nokeys -out certificate_chain.pem -legacy
    openssl pkcs12 -in <your certificate name.pfx> -nocerts -out privatekey.pem -nodes -legacy

  3. Open the AWS Certificate Manager (ACM) console athttps://console.aws.amazon.com/acm/home.

  4. Select Import a certificate and follow these steps:

    1. For Certificate body, paste the PEM-encoded certificate as follows:

      ----BEGIN CERTIFICATE---
      <text>
      ---END CERTIFICATE----

    2. For Certificate private key, paste the certificate's PEM-encoded, unencrypted private, as follows:

      ----BEGIN PRIVATE KEY---
      <text>
      ---END PRIVATE KEY----
    3. (Optional) For Certificate chain, paste the PEM-encoded certificate chain.
  5. Click Review and import.
  6. On the Review and import page, verify the metadata displayed on your certificate. The fields on this page are as follows:
    • Domains—A list of fully qualified domain names (FQDN) authenticated by the certificate
    • Expires in—The number of days until the certificate expires
    • Public key info—The cryptographic algorithm generates the key pair
    • Signature algorithm—The cryptographic algorithm used to create the certificate's signature

    • Can be used with—A list of ACMIntegrated servicesthat support the type of certificate you are importing

  7. If everything is correct, click Import.

To create a load balancer

Follow these steps to create a load balancer.

To configure a target group

  1. Open the Amazon EC2 console athttps://console.aws.amazon.com/ec2/.

  2. In the navigation pane, click Target Groups.
  3. Click Create target group.
  4. In the Basic configuration section, set the following parameters:
    1. For Choose a target type, select Instances.
    2. For Target group name, enter a name such as AMIAI-Target.
    3. Modify the Protocol to HTTP and Port to 8000.
    4. Select IP address type as IPv4.
    5. For VPC, select the VPC from the menu.
    6. For Protocol version, select HTTP1.
  5. In the Health checks section, enter HTTP for the protocol.
  6. Enter the following health check path: /admin/
  7. Click Advanced health check settings.
  8. Click Override and enter port 8000.
  9. Click Next.

To register targets

  1. On the Register targets page, select the EC2 instance created in the Creating-an-EC2-instance step.
  2. Enter port 8000.
  3. Click Include as pending below.
  4. Click Create target group.

To configure a load balancer and a listener

  1. Open the Amazon EC2 console athttps://console.aws.amazon.com/ec2/.

  2. In the navigation pane, click Load Balancers.
  3. Click Create Load Balancer.
  4. Under Application Load Balancer, click Create.
  5. In the Basic configuration area, follow these steps:
    1. In the Load balancer name field, enter the name of your load balancer (for example, AMIAI-ALB).
    2. For Scheme, select Internet-facing.
    3. For IP address type, select IPv4.
  6. In the Network mapping area, follow these steps: 
    1. For VPC, select the VPC that you used for your EC2 instances.
    2. For Mappings, select any two Availability Zones.
    3. Accept the subnets assigned by AWS.
  7. In the Security groups area, select the security group created in EC2 instances.
  8. In the Listeners and routing area, follow these steps:
    1. From the Protocol menu, select HTTPS.
    2. In the Port field, enter 443.
    3. For Default action, select the target group that you created earlier. This creates an association between the target group and the load balancer.
  9. In the Secure Listener Settings area, select the latest predefined security policy.
  10. In the Default SSL/TLS certificate, select From ACM and then select the certificate that you imported in step 2 of the previous section.
  11. In the AWS Web Application Firewall (WAF) area, select the Include WAF security protections behind the load balancer check box.
  12. Accept the other defaults and click Create load balancer.

Updating Amazon Route 53

  1. Assign the domain name to the AWS Load balancer

    1. Sign in to the AWS Management Console and open the Route 53 console athttps://console.aws.amazon.com/route53/.

    2. Click Create hosted zone.
    3. In the Create Hosted Zone area, enter the domain name (for example, bmc.com).
    4. For Type, accept the default value of Public hosted zone.
    5. Click Create hosted zone.
    6. In the Records area, click Create record.
      1. In the Record name field, enter subdomain name (for example, www.amiaiaws).
      1. In the Record type field, select A - Routes traffic to an IPv4 address and some AWS resources.
      2. Switch the Alias toggle key to On.
      3. In the Route traffic section, follow these steps:
        1. From the first menu, select Alias to Application and Classic Load Balancer.
        2. From the first menu, select the region where the application load balancer was created.
        3. Select the load balancer that you created. (The load balancer has a dual-stack prefix.)
      4. Select Simple Routing as the Routing policy.
      5. Switch the Evaluate target health toggle key to Yes.
      6. Click Create records button to create the A record.
        image-2024-10-14_15-58-13.png
    2. After a few minutes, verify that the domain name resolves to the public IP of the application load balancer. Then run the following command prompt to verify that the domain resolves to the public IP of the application load balancer, replacing domain after nslookup with the domain value that you entered in step c.

Where to go from here

See Configuring-BMC-AMI-AI-Services-for-installation.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*